DoD Releases Version 0.6 of its Cybersecurity Maturity Model Certification

On November 7, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial Base (DIB) and its supply chains.

The model updates Version 0.4, which DoD released on September 4, 2019, and which we wrote about here. The CMMC establishes the framework necessary for contractors to obtain one of five certification levels necessary to perform work on certain DoD contracts, including those that require the handling of Controlled Unclassified Information. Whereas Version 0.4 merely listed the capabilities, controls, and processes that were expected to apply to each certification level, this version provides some additional discussion and clarification to assist contractors with meeting Level 1 certifications.